Cybersecurity Fundamentals


Cybersecurity Fundamentals
Prof. Georges Ataya
Vice President of the Belgian Cybersecurity Coalition
Academic Director, IT Management Education (Solvay Brussels School of Economics and Management)
Managing Partner, ICT Control SA

Previously: One to One solution Security Threat Address Vulnerability

Previously: One to One solution
Virus infection: Software to detect and eradicate malware
Social engineering: Staff awareness and education
Technical threat: Technical solution

Building higher defensive walls and installing defense-in-depth solutions

Advanced persistent threats

List of major APT Attacks (attack name, period: impact or outcome)
Moonlight Maze, 1998-2000: Tens of thousands of files stolen, including maps of military installations, troop configurations and military hardware designs, resulting in millions of dollars of damage
Titan Rain, 2003-2005: Not disclosed. Likely to be similar to Moonlight Maze
Sykipot, 2007-2012: Trade secrets stolen, including design, financial, manufacturing and strategic planning information from US and UK companies, resulting in loss of competitiveness
GhostNet, 2008-2009: Political and economic data compromised on more than 1,000 computers in over 100 countries
Operation Aurora, 2009-2010: Large quantities of intellectual property stolen, resulting in substantial losses in competitiveness
Gozi, 2007 onward: Infected more than one million computers around the world, causing tens of millions of dollars in damages
Zeus, 2007 onward: Compromised tens of thousands of FTP accounts on company sites and several million bank users, resulting in the theft of hundreds of millions of dollars
SpyEye, 2009 onward: Millions of dollars stolen from the customer accounts of several hundred banks across the world
Stuxnet, 2010: The malware was reported to have caused substantial damage to the centrifuges at the Natanz nuclear enrichment laboratory in Iran
Duqu, 2011: Captured information that might enable a future APT attack on industrial control systems
Flame, 2012: Stole information from around 1,000 machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia, and Egypt. Attacks ceased when publicly disclosed
Red October, 2007-2012: Reported to have stolen hundreds of terabytes of secrets from diplomatic, trade, military, aerospace, energy, and research organizations in Russia, Iran, the US, and other countries
Eurograbber, 2012: Stole an estimated 36 million euro from more than 30,000 customers in over 30 banks across Europe

Sources of APT Threat

Highest Enterprise Risk of Successful APT Attack
Survey question: What do you believe to be the highest risk to your enterprise associated with a successful APT attack?

The Cyber Kill Chain
Sequence of activities conducted by an attacker to carry out an APT attack

The Cybersecurity Skills Gap
There are an estimated 410,000 to 510,000 information security professionals worldwide, and jobs are expected to increase 53 percent by 2018 with over 4.2 million jobs available. However, recent studies and reports suggest that there are simply not enough skilled professionals to fill them.
Sources: McKinsey Study 2011; 2013 Global Information Security Workforce Study, Frost & Sullivan and Booz Allen Hamilton.

Cybersecurity Roles
The structure and governance of every organization is different and varies based on the type of organization. Each organization has its own mission (business), size, industry, culture and legal regulations. However, all organizations have a responsibility and duty to protect their assets and operations, including their IT infrastructure and information.
Figure: Information Security Roles (labels: Compliance; Executive Management; Senior Information Security Management; Risk management; Board of Directors; Cybersecurity Practitioners)

Knowledge domains for Information Security
Figure labels: Age; Technical; Generic; Management
Source: Georges Ataya

Cybersecurity processes: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
2015 ICTC.EU

Sources of information: to be downloaded at isaca.org

Information security risk can be seen as the multiplication of three factors: assets, vulnerabilities and threats.

Executive Education in IT Management Executive Education in Information Security Management Solvay.edu/IT

Executive Master in IT Management Executive Master in Information Risk and Cybersecurity Executive Programme in CIO Practices CIO Leadership IT Business Agility Enterprise and IT Architecture IT Sourcing IT Management Consulting Executive Programme in Security Governance Information Security Cybersecurity Solvay.edu/IT

Lectured tracks and modules
S track (Info Security): S1 Information Security Management; S2 IT Security Practices; S3 Cybersecurity Workshop
G track (IT Governance): G1 The CIO Foundation; G2 IT Governance Workshop; G3 IT Risk and Legal concerns
M track (IT Management): M1 Applications Build and Management; M2 IT Services and Run Management; M3 IT Sourcing Management
B track (Business Agility): B1 Enterprise Strategy and Architecture; B2 Business Transformation; B3 Digital Agility and Innovation
A track (Activating skills): A1 IT Finance and Portfolio Management; A2 Soft Skills for IT professionals; A3 Building Expert Opinion
2014 ictc.eu Solvay.edu/IT

Today: Knowledge exchange
- Share experiences: good and bad
- Learn from each other
- Create the foundations for the awareness building and the policy recommendations
Ultimate goal: Get the number of infected computers down

Georges Ataya gataya@solvay.edu solvay.edu/it